Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS134494.roa
File:                     AS134494.roa (raw, json)
Hash identifier:          qnquGGHeUQLpDRW3uULInNRM/JeaLYMVNWjK9fIQmUI=
Subject key identifier:   C7:FF:93:CD:AE:FC:9E:29:33:65:59:B4:A1:49:63:66:EA:53:B6:AE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5EDFE2A8C33051B631F83ECFBA5AFA5C4DB74AD7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS134494.roa
Signing time:             Tue 23 Jun 2026 19:50:13 +0000
ROA not before:           Tue 23 Jun 2026 19:45:13 +0000
ROA not after:            Tue 22 Jun 2027 19:50:13 +0000
asID:                     134494
IP address blocks:        140.150.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:df:e2:a8:c3:30:51:b6:31:f8:3e:cf:ba:5a:fa:5c:4d:b7:4a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 23 19:45:13 2026 GMT
            Not After : Jun 22 19:50:13 2027 GMT
        Subject: CN=C7FF93CDAEFC9E29336559B4A1496366EA53B6AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:02:84:93:af:4e:eb:2a:2d:2f:b7:60:0a:39:
                    08:b8:eb:7c:3d:b7:c6:52:0b:03:c0:d1:d6:2b:2f:
                    b4:06:5c:92:e9:6a:a2:dc:dd:24:71:04:20:cd:f4:
                    81:88:0b:9b:b8:1d:b9:f0:ed:bc:a4:f2:f0:66:72:
                    ca:0f:2b:cd:6a:a2:d7:f0:94:f9:5e:47:a1:96:4e:
                    07:64:58:5c:14:df:6f:d2:c8:40:2e:ec:8d:39:56:
                    7b:0d:6f:e1:34:7a:3c:26:7a:b7:bd:b3:11:46:b9:
                    6f:2c:b4:e8:20:58:2b:b4:b4:65:4b:50:6d:fe:8f:
                    ab:31:c6:88:8c:d7:12:22:55:8c:ab:66:c0:76:b8:
                    18:b1:4f:d8:e6:a6:28:ce:7a:79:54:aa:cf:d3:de:
                    0d:9c:00:2e:d9:23:91:9a:a7:c7:8a:fe:37:bb:86:
                    70:86:f6:a5:94:e8:5b:26:89:27:3d:e7:73:70:44:
                    14:c4:eb:63:d1:73:b1:f8:62:50:12:fe:e2:9c:c7:
                    8d:09:9d:c5:30:e6:4e:98:97:aa:82:27:3d:ff:84:
                    6d:1c:5a:f0:bd:5f:48:bf:d6:37:ea:38:aa:bc:ad:
                    80:e0:46:db:26:80:63:3a:c5:39:9f:db:18:59:91:
                    12:c9:87:c4:56:61:e0:da:66:13:ee:e6:10:1d:7d:
                    e0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:FF:93:CD:AE:FC:9E:29:33:65:59:B4:A1:49:63:66:EA:53:B6:AE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS134494.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:78:69:0a:4d:04:9e:1b:b3:34:71:3b:3a:36:f0:36:6b:fc:
         85:d7:4c:f7:50:d7:e6:94:68:c4:1d:27:09:72:f7:92:75:51:
         2c:26:d2:b5:08:9d:25:05:3f:c8:c3:95:40:38:a0:44:af:85:
         21:67:3b:bc:7e:fd:a3:c9:c4:12:c7:ad:45:e1:0e:ca:24:0f:
         e1:f6:10:e7:79:b8:d2:8e:26:0e:ab:94:cf:e9:4e:0a:29:21:
         b8:f6:b1:ca:04:91:ff:90:3e:34:8c:79:73:3c:fc:38:a4:57:
         8a:a9:80:4a:72:1b:7f:3e:15:02:14:9a:c1:50:64:9c:40:f2:
         cf:b9:8c:12:09:be:54:ac:4e:c5:87:e4:24:4f:5e:95:61:bb:
         b4:55:51:21:48:4a:a7:71:6e:c5:ad:ab:7f:fd:a1:13:35:8d:
         eb:60:cf:56:4d:8b:47:ae:8f:02:62:ae:83:b3:eb:d5:61:8c:
         4f:0f:7b:b0:58:d7:a8:90:f3:de:6c:7c:f5:fa:b5:16:8d:25:
         e7:4b:37:d6:ab:4f:7a:f4:23:22:3e:07:99:e6:0b:a4:0b:1d:
         d4:34:95:6f:d8:6d:62:92:34:56:a1:79:8d:8b:1c:29:b3:9f:
         89:d0:0f:ce:33:2a:88:e0:8b:6a:f1:0c:e3:e9:43:cd:d7:07:
         b2:05:55:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXt/iqMMwUbYx+D7Pulr6XE23StcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MjMxOTQ1MTNaFw0yNzA2MjIxOTUwMTNaMDMxMTAvBgNV
BAMTKEM3RkY5M0NEQUVGQzlFMjkzMzY1NTlCNEExNDk2MzY2RUE1M0I2QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmAoSTr07rKi0vt2AKOQi463w9
t8ZSCwPA0dYrL7QGXJLpaqLc3SRxBCDN9IGIC5u4Hbnw7byk8vBmcsoPK81qotfw
lPleR6GWTgdkWFwU32/SyEAu7I05VnsNb+E0ejwmere9sxFGuW8stOggWCu0tGVL
UG3+j6sxxoiM1xIiVYyrZsB2uBixT9jmpijOenlUqs/T3g2cAC7ZI5Gap8eK/je7
hnCG9qWU6FsmiSc953NwRBTE62PRc7H4YlAS/uKcx40JncUw5k6Yl6qCJz3/hG0c
WvC9X0i/1jfqOKq8rYDgRtsmgGM6xTmf2xhZkRLJh8RWYeDaZhPu5hAdfeBpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUx/+Tza78nikzZVm0oUljZupTtq4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM0NDk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJbp
MA0GCSqGSIb3DQEBCwUAA4IBAQCveGkKTQSeG7M0cTs6NvA2a/yF10z3UNfmlGjE
HScJcveSdVEsJtK1CJ0lBT/Iw5VAOKBEr4UhZzu8fv2jycQSx61F4Q7KJA/h9hDn
ebjSjiYOq5TP6U4KKSG49rHKBJH/kD40jHlzPPw4pFeKqYBKcht/PhUCFJrBUGSc
QPLPuYwSCb5UrE7Fh+QkT16VYbu0VVEhSEqncW7Frat//aETNY3rYM9WTYtHro8C
Yq6Ds+vVYYxPD3uwWNeokPPebHz1+rUWjSXnSzfWq0969CMiPgeZ5gukCx3UNJVv
2G1ikjRWoXmNixwps5+J0A/OMyqI4Itq8Qzj6UPN1weyBVVY
-----END CERTIFICATE-----